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^ feft, 25 3T^T, 2011 

W&t.fH. 782(3T) —wm *pTT pMPt# 3TWm, 2000 (2000 35T 21) «TRT 87 5RT 

wr ?rferf wfr\ ^rr <hhi«i<*kiT to*r, 2000 wi sik 

1. *jtHi Mlsuffi# (win iuic^^T 3 rrf%^T^t) f^RPT, 2011 ti 

( 2 ) 


2. xHtftt dteftM (MHiui 4 )cii wtorfl) tor, 2000 # > • 

{^5) 4 #, “ 3 tk afiffcr tefj ^srfrto 

fr^re wiRci qr M i ^d 

“3^ %> STW ^tcFT 3f#q- cRTT 3T^Zf JFTM TO % W&T ‘ 

5^? 5^«r^iPicp TJT hi^ci f^tfl'vll^ir 


(^I)Pm5 



^TT, 3T8tfct> 


“5 ?>. 3T^T wm TO cfiT xHc-afTO- m PIAM4) £RT *Tfacf ^FcT-f^cf) TOWTO S sjft 

eft^ <pfr S^^cFTT fc^ fc^cRFfcl JTT^T TOU $, TO^cT TOTWcfT 

WHIU| TO#UIHlftl<tx1l 'HoWTO ^ fe!^ f^TT ^TWIT I 


(^) af^iRct TTWT Mdnwcil mfiwj'il # cfl^TOWTOW’STOfk e^ciiSKcpaf ^Tviil^f^ 
W 3T^T feigct? M*il u l TO^T HHlftWcil tlcilN'l IclV f^i|| vjfP^N I 
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(T) 3^51 f^cl MI'-d JFTPT^cit ITTte^ Sf^l TCff ^ 5TR7UT tfT 
^ fcFJ 3TP?ft 'STfT SEIM W f^ETRT1? sraRT ^JpTT 3ff£rPpTT ?TRT 38 ^ 3Tefh=T 
nfcFFTS^r 457 fteW& I 


(ET) f^ft 3T^feT# RRmi^jcII 4T Tfc^EET ^rt WT cMTSJTH) f^p> TmTUT W 
vjll^cpdl >Rl u l0dt mjRw>^ Jvift PFTM 4T ^ ETEZPT P|4^> % 7T-l>7<il$fft?T 5PTM TT cfr ^?TT2T 

7id <T 1 f^53TT vjTFTT tllf&{ 3lk OTcTT# 45tf *fr 5HM TT fc^chH^W ^ t, eft TfcTTfacf 

=#%Tumpt I” 

' - [^. 7?. H(ll)/20l0-flXd^] 

^ ter ^flTcf & W?, 3FHTm^r # 3TflRpTT 7T. TTT.^.R 789(31) 17 3Ff^7, 2000 

SI7T Pra^RTcf f^«t 3ifk 43^Ic^cff 7T?ftER f^RteffecT SfURJ^FfT TRsZTFlt £I7T f^ 1 !^:- 


^r.^r.f^r. 902 ( 3 ?), 21.11 .2003 mm ft. 245(3T), erto 21 . 4.2005 

7?T.Sf5T.f^. 285(31), <TTto 23.4.2004 W.^T.^T. 32(30, cTT^ 18.1.2006 

535(3?), crater 20 . 8.2004 tit.cjtR 566(3i), 5 . 8.2009 

MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY 
(Department of Information Technology) 

NOTIFICATION 

New Delhi, the 25th October, 2011 

G.S.R. 782(E).— In exercise of the powers conferred by section 87 of the Information 
Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules 
further to amend the Information Technology (Certifying Authorities) Rules, 2000, namely:- 

1. (1) These rules may be called the Information Technology (Certifying Authorities) 
Amendment Rules, 2011. 

(2) They shall come into force on the date of their publication in the Official Gazette. 

2. In the Information Technology (Certifying authorities) Rules, 2000,- 

(a) in rule 4, for the words “and the Digital Signature shall be attached to its electronic record 
and stored or transmitted with its electronic record”, the words “ the Digital Signature and the 
digital signature Certificate attached to its electronic record shall be stored or transmitted 
along with its electronic record” shall be substituted; 

(b) after rule 5, the following rule shall be inserted, namely: - 

“5A. Verification of Digital Signature Certificate. - (a) The self signed certificate 
generated by the Controller, which begins the trust chain for the public key infrastructure, 
shall be used to verify the authenticity of the public key certificate of the licensed Certifying 
Authorities; 

(b) the public key certificate of the licensed Certifying Authorities shall be used to 
verify the authenticity of the digital signature certificate issued to the subscribers; 


(c) the certificate revocation list maintained by the licensed Certifying Authorities shall 
be checked to confirm whether the certificate is valid or whether it has been revoked 


under section 38 of the Act; 
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(d) while verifying the validity of a digital signature the corresponding digital signature 
certificate should chain up through the public key certificate of the issuing Certifying 
Authority to the self signed certificate of the Controller and if any of the certificates in the 
trust chain is not trusted the signature will not be verified.”. 


[F. No. 11(11)/2010-CLFE] 
N RAVI SHANKER, Addl. Secy. 


Note The principal rules were published in the Gazette of India, Extraordinary, vide notification 
G.S R.789(E), dated the 17 th October, 2000 and subsequently' amended vide notification 
numbers :- 

G.S.R. 902(E), dated 21-11-2003 G.S.R. 245(E), dated 21-4-2005 

G.S.R. 285(E), dated 23-4-2004 G.S.R. 32(E), dated 18-1-2006 

G.S.R. 535(E), dated 20-8-2004 G.S.R. 566(E), dated 5-8-2009 


M 25 2011 

783(3*).- wm? SjrRT 2000 (2000 21) # 87 #3^-*TRT 

(!) PRxT 9TfrB#t PRik 3 RcT fT, ^TT viWlfficf>l (M*iiuicpal HiftWl'fy PTO 1 *, 2000 m 3tk 


( 1 ) ^f# 2 J#t 4 >T#f&RHIH ’iJxHI (H*lR|cpaT Hifacpi'fl) WTl^R Pf' £ FT, 2011 % I 

(2) crr^te 3^crr i 

^£HT nldlffi'cfft (PH|U|4)6f f^FT, 2000#, (f^T TOTc( Pm 4>3T W 

t),Pm6#,- 


(c£) ‘RflWI-1 ^#7 tpaTJ^-2" 3ftRt, 3fcf# STs^t ^FFT ’R 'R^m-2” 3TCR, 3R> ^ 

'srn^T; 

(^) “512,1024, 2048 1#^ 3T4# 3#? 9^ ^R, “2048, 4096 far 3P3i 3lk 9T^ 

__ 

(J|) “3i^qr fxr^ 3T^r PTIWT -#Rft^#10” % ^R^TcT PiMplRsid STcTRSflftci toT 
3TRRT, 3Rrfcf> 

#?r 4 >t otjPt ri# §<r, ^rt 

(PWWdfPnto^ 2011 PIK-M Rr 3TT# # ^ *R stffa Pw m-iW tR 


3. 


^=cT Pm eft 3F£E£cft 3 #?T 21 



o 

(1) viH!U!cbdf 3^? S'txliSi'Wdl URT 



Wl % MP^c! 


^IRTTI 






THE GAZETTE OF INDIA : EXTRAORDINARY 


[Part II—Sec. 3(0] 


( 2 ) ^ i 

(3) m 3TTSR? c^T ^Tet 3p£ter feft M*?)^ T? 

^ cf^T ^ feTTJ B HIu ic ftc rf yitolfr 3NT ]?^fcT rtt? jsfT 3 

WpTT i 

(4) - ^WHFWctf -mfteft fsft 5^ 3?fc wm-^ # fttoRicir $\ araft i o ^ 

(5) JM %> gnfi sik iFnuT-t^r # faftmF*ieTT # 3^r cfrr 3^ 


[xpi. tf. ]l(4)/2011-#3?n^] 
T^T. ?fa ?FR, 3rqR ??fe 


fecqoft: ^f^FT 


aramRur # srfteHT ^r.^T.l^r. 789(3?) crrtfe 17 3?^r, 2000 


^T.^I.Pr. 902(3?), cTEto 21.11.2003 WM.ft. 245(3?), cff#^ 21.4.2005 
W.mft, 285(31). cFte23.4.2004 ^T.cET.Pf. 32(3?), cTlfKT 18.1.2006 

535(3?), 20.8.2004 STimfc. 566(3?), cIFftl5.8.2009 

NOTIFICATION 

New Delhi, the 25th October, 2011 

&S.R. 783(E). — In exercise of the powers conferred by sub section (1) of section 87 of the 
InformattOn TScRbblogy Act, 2000 (21 of 2000), the Central Government hereby makes the 
following rules to further amend the information Technology (Certifying Authorities) Rules, 2000, 
namely: - 

1. (1) These rules may be called the Information Technology (Certifying Authorities Amendment) 
Rules, 2011. 

(2)They shall come into force on the date of their publication in the Official Gazette. 

2. In the Information Technology (Certifying Authorities) Rules, 2000, (hereinafter referred to as 
the said rules), in rule 6, - 

(a) for the letters, figure and word "SHA-1 and SHA-2” the letters, figure and word 
“SHA-2” shall be substituted; 

(b) for the figures and words “512, 1024, 2048 bit", the figures and words “2048, 4096 
bit” shall be substituted; 

(c) after “Digital Signature Request Format-PKCS#10” the following shall be inserted, 
namely 

"Explanation.-- The Digital signature certificate granted before the commencement of 
the Information Technology (Certifying Authorities Amendment) Rules, 2011 using 
SHA-1, digital hash function standard shall continue to be valid till the date of expiry of 
such certificate.” 

3. In Schedule-Ill to the said rules, in the guidelines, for paragraph 21, the following paragraph 
shall be substituted namely 

“21. Usage period for Keys - 

(1) Certifying Authority and subscriber keys shall be changed periodically. 

(2) Key cfaange shall be processed as per Key Generation guidelines. 

(3) The Certifying Authority shall provide reasonable notice to the Subscriber’s relying parties 
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of any change to a new key pair used by the Certifying authority to sign Digital Signature 
Certificates. 

(4) All Certifying Authorities key pairs and associated certificates must have validity period of 
no more than ten years. 

(5) All subscriber’s key pairs and associated certificates must have validity period of no more 
than three years.” 

[F. No. 11(4)/20.il'CLFE] 
N. RAVI SHANKER, Addl. Secy. 

Note:' The principal rules were published in the Gazette of India, Extraordinary, vide notification 
number G.S.R,789(E), dated the 17 th October, 2000 and subsequently amended vide notification 
numbers :*■ 

G.S.R. 902(E), dated 21-11-2003 G.S.R. 245(E), dated 21-4-2005 

G.S.R. 285(E), dated 23-4-2004 G.S.R. 32(E), dated 18-1-2006 

G.S.R. 535(E), dated 20-8-2004 G.S.R. 566(E), dated 5-8-2009 
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